MULTISERVICE USE OF NETWORK CONNECTION CAPABILITY 
UNDER USER-TO-NETWORK INTERFACE SIGNALING 

BACKGROUND OF THE INVENTION 

1. Field Of The Invention 

The present invention is directed to a distributed switching system, such as, 
for example, a Multiservice Switching System based on, for example, frame, cell 
or packet switching, that supports video, private line and data services. 

2. Discussion Of Background And Related Information 

A Multiservice Switching System (MSS) comprises a distributed switching 
device designed to support plural forms of data, such as, but not limited to, for 
example, voice, computer data and video signals. Switching can be based on, for 
example, but not limited to, frame, cell, or packet switching. Multiservice 
Switching Systems may use a broad range of access technologies, including, but 
not limited to, for example, time division multiplexing (TDM), digital subscriber 
lines (xDSL), wireless, and cable modems. 

In an ATM switched virtual circuit (SVC) service, a SVC customer can 
either initiate or terminate a SVC service request via a user-to-network (UNI) 
interface. The SVC customer may be, but is not limited to, for example, an 
individual subscriber, an enterprise network, an ISP, or a peer network. Service 
policies define the capabilities and resources available to the customer. The 
service policies also determine whether a service request succeeds or fails. 

The amount of data being transmitted between locations has rapidly 
escalated. Voice networks (e.g., traditional telephone networks) are becoming 
overwhelmed by the rapidly increasing traffic flow. Further, it is costly to 
construct/expand such traditional telephone networks. As a result, companies are 
searching for ways to carry voice services over packet networks, and for removing 
data traffic from the voice networks. This has led to the development of media 
gateways and media gateway controllers (referred to as distributed switches) that 
separate the service intelligence from the associated hardware, and allow voice 
and data to be carried over a packet network. 

Conventional architectures do not permit the separation of a service 
controller from a transport controller. For example, in a conventional ATM 
switch, a calling party uses the UNI protocol to request an ATM SVC connection 
to another end system that is connected to the network. This request is carried by a 
signaling channel to an ATM edge switch, which terminates the UNI protocol and 
initiates a private network-network interface (PNNI) protocol to complete a setup 
across the network to the edge switch that connects to the called party. The 
application of policy and decision to reject or accept a call is determined solely by 
an on-board processor within the switch. That is, service control is packaged into 
the switch. No standardized ATM mechanism currently exists to utilize service 
control outside of the switch. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The foregoing and other objects, features and advantages of the invention 
will be apparent from the following more particular description of preferred 
embodiments, as illustrated in the accompanying drawings, which are presented as 
a non-limiting example, in which reference characters refer to the same parts 
throughout the various views, and wherein: 

Fig. 1 illustrates an example ATM SVC service that utilizes intelligence 
separate from conventional ATM Switches that are useable with the present 
invention; 

Fig. 2 illustrates a conventional ATM Edge Switch and conventional SVC 
Service Controller useable with the example ATM SVC service of Fig. 1; 

Fig. 3 illustrates a next generation ATM Edge Switch and SVC Service and 
Switch Controller useable with the example ATM SVC service of Fig. 1; 

Fig. 4 illustrates an operation chart for a push method performed in 
accordance with the instant invention; 

Fig. 5 illustrates an operation chart for a pull method and a query method 
performed in accordance with the instant invention; and 

Fig. 6 illustrates an operation chart for a method using certificates 
performed in accordance with the instant invention. 

DETAILED DESCRIPTION OF EMBODIMENTS 

Accordingly, an object of the current invention is to provide a mechanism 
whereby a switch, such as, for example, an ATM switch, can access an external 
service control. In particular, the present invention allows multiple network 
services to share a network connection capability in such a way that a 
predetermined signal, such as, for example, UNI signaling, is interpreted via 
service specific controls (such as, for example, data, policies and transformations) 
contained within the network. This is achieved in a uniform manner, such that 
policies can be made globally available in the network. Further, user policy can be 
applied independent of the manner in which the user accesses the network. 

According to an object of the present invention, a multiservice switching 
system has a switching device having predetermined functions with respect to a 
request for a predetermined service, a switch controller that has a bearer function 
and a virtual switch function in order to control the switching device, and a proxy 
device that contains service policies related to either enabling or denying the 
predetermined service, in which multiple service requests are correlated with 
respective services to enable at least one appropriate policy and logic. The 
switching device and the switch controller may comprise a conventional switch, 
such as, for example, an ATM Switch, or a next generation switch. 

According to a feature of the invention, the multiservice switching system 
further comprises a service controller. The service controller may include the 
switch controller. Alternatively, the switching device may include the switch 
controller. 

According to another object of the invention, a method is disclosed for 
switching plural forms of data. A customer initiates a request for service. In 
response to the request, predetermined data related to the requested service is 
obtained. If the requested service is permitted, the initiating customer is instructed 
to initiate a setup, such as, for example, a UNI setup, identifying the requested 
service. A PNNI protocol (setup) is completed across a network in response to the 
UNI setup, and a second UNI setup is initiated to accept or reject the service 
request, which is passed back to the initiating customer, wherein multiple service 
requests are correlated with respective services to enable at least one appropriate 
policy and logic. 

According to a feature of the invention, the data related to the requested 
service may be obtained using at least one of a push procedure that pushes the 
predetermined data, a pull procedure that pulls policy and/or logic (e.g., a 
program) representing at least one of service capabilities and service permissions, 
a query (trigger) procedure that queries a service control module, or a certificate 
procedure that specifies permitted setup parameters. The push (download) 
procedure and the pull procedure pushes and pulls, respectively, information into a 
Network Connection Capability, and then makes a decision regarding a service. 
The query procedure provides facts (e.g., policy and/or logic), and then the service 
makes a policy and/or logic decision. 

According to an advantage of the invention, the certificate may be 
encrypted. In addition, a sequence number, that assists in preventing reuse of the 
certificate, may be assigned to the encrypted certificate. By examining the 
sequence number assigned to the certificate, it is possible to determine whether the 
sequence number (and thus, the certificate) was seen before. In addition to the 
assignment of the sequence number (or instead of using the sequence number), the 
certificate can be time-stamped and/or date-stamped. An examination of the 
time-stamp and/or date-stamp (with or without the sequence number) assists in 
determining whether the certificate is valid. If the time-stamp and/or date-stamp 
exceeds a predetermined delta value, the certificate is determined to be invalid, and 
thus, the service request is denied. 

A still further advantage of the invention resides in the encrypted certificate 
being able to identify which service allowed the setup. 

According to another object of the invention, a method for switching plural 
forms of data is disclosed. The method comprises initiating a service request by an 
initiating customer, establishing the service request using a predetermined setup, 
such as, for example, a user-to-network interface setup, and initiating a second 
predetermined setup, such as, for example, a user-to-network interface setup, to 
accept or reject the requested service, wherein multiple service requests are 
correlated with respective services to enable at least one appropriate policy and 
logic. 

According to a feature of the invention, a Service Control may request that 
the initiating customer initiate the user-to-network interface setup. 

According to another feature, if the service request is transferred over an 
ATM network, the user-to-network interface setup is redirected from a switching 
device to a service controller. 

According to an advantage of the invention, the switching device is 
controlled by a switch controller. The switch controller may be integral with the 
switching device, or, alternatively, the switch controller may be integral with the 
service controller. 

Another advantage of the invention is that the service request may be 
established using at least one of a pushing procedure, a pulling procedure, a query 
procedure, and a certificate procedure. If the certificate procedure is employed, a 
certificate may establish which service requests use the user-to-network interface 
setup. Further, the certificate may specify what setup parameters are permitted 
and/or which service allowed the setup. 

If desired, the certificate may be encrypted. In addition, at least one of a 
sequence number, a time-stamp, and a date-stamp may be used with the certificate 
to assist in verifying that a certificate is valid. Thus, reuse of a certificate may be 
prevented. 

Fig. 1 discloses an example ATM SVC Service that can use the present 
invention, comprising an initiating SVC service customer 10, a first ATM edge 
switch 12, an ATM core switch 14, a second ATM edge switch 16, a terminating 
SVC service customer 18, a first SVC service controller 20, a second SVC service 
controller 22, and a proxy device, such as, for example, a SVC service policy 
device 24. However, it is understood that modifications to this arrangement may 
be made without departing from the scope and/or spirit of the invention. 

Further, while the present invention is being described with reference to a 
UNI signal, it is understood that alternative signal protocols may be used without 
departing from the spirit and/or scope of the invention. 

The SVC customer 10 either initiates or terminates an SVC Service Request 
using UNI signaling. The SVC customer 10 may correspond to, for example, an 
individual subscriber, an enterprise network, an ISP or a peer network. In 
addition, an ISDN to ATM gateway may also act on behalf of an SVC customer. 
Service policies define the capabilities and resources available to the customer, and 
also, determine whether a service request succeeds or fails. Example SVC service 
class capabilities include, but are not limited to, constant bit rate (CBR), real time 
variable bit rate (rt-VBR), non-real time variable bit rate (nrt-VBR), unspecified 
bit rate (UBR), available bit rate (ABR), calling line identification presentation and 
restriction (CLIP/CLIR). Example resources include, but are not limited to, for 
example, total bandwidth and total number of SVCs. 

Fig. 1 illustrates the ATM SVC being implemented with conventional ATM 
switches that contain both bearer control and virtual switch control in addition to 
the switching function, the structure of which is shown in greater detail in Fig. 2. 
According to the present invention, the ATM SVC Service Control (e.g., network 
service instance control function NSICF) is removed from a switching device (e.g., 
ATM edge switch 12 or 16) and placed within a separate physical controller. In 
the first embodiment, bearer control and virtual switch control are bundled 
together (as a switch controller) with switching as part of a single physical unit, 
and the NSICF is bundled separately as the SVC Service Controller. UNI 
signaling is redirected from the edge switch to the SVC Service Controller via a 
permanent virtual circuit (PVC). This allows the SVC Service Controller to apply 
policy and/or other transformations to UNI setup messages. If the SVC Service 
Controller permits a setup, the SVC Service Controller functions as a proxy agent 
for the SVC Service Customer, in accordance with, for example, Annex 2 of ATM 
UNI Signaling Specification Version 4.0, and issues a UNI setup command to the 
ATM Edge Switch. 

Fig. 2 illustrates a conventional switch. The conventional ATM Edge 
Switch 12 (or 16) comprises a first physical port 26, a virtual switch 28, a second 
physical port 30, a virtual switch controller 32, a bearer controller 34, and a third 
physical port 36. The first physical port 26 includes a signaling gateway 38 and a 
logical port 40, while the second physical port 30 includes a logical port 42. 

The SVC Service Controller 20 (or 22) includes a first physical port 44, a 
Network Service Instance Control Function (NSICF) 46, and a second physical 
port 48. 

As shown in Fig. 2, an optional Service Gateway 50 is interfaced between 
the SVC Service Controller 20 (or 22) and the policy Server 24. 

It is noted that the construction and operation of the ATM Edge Switch, the 
SVC Service Controller and the Service Gateway is known to those skilled in the 
art. Thus, a detailed description of the structure and operation of these elements is 
omitted. It is further understood that variations in the construction of the Edge 
Switch, SVC Service Controller and Service Gateway may be made without 
departing from the scope and/or spirit of the invention. 

While the invention is described with respect to an ATM SVC service, it is 
understood that the invention is not limited to ATM SVC service, but may be 
utilized with other network services. 

In order to implement the ATM SVC Service outside of the conventional 
switch, a UNI signaling channel, produced by an SVC Service Customer, is 
redirected to an SVC Service Controller by a PVC or S-PVC. An SVC Service 
Customer may correspond with an individual subscriber (connected by, but not 
limited to, for example) an xDSL connection, an ISDN connection (using, for 
example, an ISDN to ATM Internetwork gateway), an enterprise network, an ISP 
or a peer network. In the disclosed embodiment, policies are stored in the database 
24 (e.g., policy server) that is physically separate from an individual Service 
Controller 20 (or 22). The database 24 is accessed by a service gateway 52 
associated with the Service Gateway 50. The policy server 24 checks policies of 
both the calling party and the called party. 

While the policy server 24 is shown as being physically separate from the 
SVC Service Controllers, it is understood that variations in form, such as, but not 
limited to, for example, incorporating the policies in one or more SVC Service 
Controllers 20 (or 22), may be made without departing from the spirit and/or scope 
of the invention. 

The present invention discloses the use of a predetermined setup, such as, 
for example, UNI version 4.0 proxy, for the purpose of accessing bearer control. 
As a result, the NSICF 46 terminates the UNI stack. However, it is understood 
that different protocols (such as, but not limited to, UNI version 3.1) may be used 
for accessing bearer control without departing from the scope and/or spirit of the 
invention. 

Fig. 3 illustrates an example of an ATM Switch, in which the ATM SVC 
Service is implemented using a next generation Multiservice Switching Function 
(MSF) ATM switch 54. In this regard, elements in this example that correspond to 
like elements in the first example are designated with the same element number. 
Further, a detailed discussion of such elements is not required. 

In the second example, the virtual switch controller 32 and the bearer 
controller 34 are removed from the switch and are placed in a separate SVC 
Service Switch Controller 56, along with the NSICF 46. Further, UNI signaling 
passes through the switch 54 and on to the NSICF 46 within the Switch Controller 
56. It is noted that for purposes of simplification, Fig. 3 omits physical paths sp 
and vsc. 

The NSICF 46 applies policy and screening to a UNI setup message based 
on a calling party and a called party, a requested service class, etc., via the service 
feature gateway function. If the setup message is successful, the NSICF 46 
invokes the bearer control function 34 that resides within the Switch Controller 56 
that provides access to the network's SVC capability. The Signaling Gateway 
function is placed within the physical port to denote that the UNI signaling crosses 
the boundary from customer to network, and that it is being re-directed via a PVC 
to the NSICF. No policy is applied and the transport of the signaling does not 
change. The Bearer Control function 34 is implemented by initiating a PNNI 
protocol in the network direction in order to create a bearer connection across the 
network. Further, the Logical Port function is accessed via the virtual switch 
control function along sp to access this function. 

It is noted that in a multiservice environment, service control is not limited 
to ATM SVC's. Other transport devices, such as, but not limited to, for example, 
Frame relay and IP layered on top of ATM, may be used. 

The present invention solves the problem of multiple services sharing the 
same Network Connection Capability while utilizing a common UNI Signaling 
method. In the following discussion, it is assumed that a calling party needs to 
access different Network Connection Capabilities based upon the services the 
calling party participates in. 

According to the instant invention, service customers access a service using 
either a dedicated signaling channel or a signaling network (which may optionally 
be IP based). During a service interaction, an ATM SVC Connection must be 
established between customers. Thus, one of the end-systems initiates a UNI 
setup. Once the UNI initiates the SVC's between the ATM SVC Service and other 
Services, the Network Connection Capability correlates the calling party setup 
request with the service it belongs to, so that an appropriate policy is applied. 

The end-systems, the service, and the Network Connection Capability must 
coordinate their actions. Specifically, the Network Connection Capability must 
enable the enforcement of the service policy and/or logic (e.g., a program module) 
at least during the initial setup. In addition, the called party must be able to map an 
incoming UNI to the appropriate service/application. 

Four procedures are discussed below for enabling enforcement of the 
service policy and/or logic, in accordance with the present invention. However, it 
is understood that the invention is not limited to the four procedures discussed 
below, and thus, should not be interpreted as limiting the scope of the invention; 
alternative procedures may be employed without departing from the scope and/or 
spirit of the invention. 

In the first procedure, to be discussed in detail below, the Service 
downloads (pushes) policy and/or logic into the Network Connection Capability 
before it requests the end-user to do a UNI setup. In the second procedure, to be 
discussed in detail below, the Network Connection Capability pulls in policy 
and/or logic from the Service when it receives a setup or other signaling message. 
In the third procedure, to be discussed in detail below, the Network Connection 
Capability queries the Service when it receives a setup or other signaling message. 
In the fourth procedure, to be discussed below in detail, the Service sends the 
service customer an encrypted certificate that allows a setup phase to go through 
without requiring interaction between the Service and the Network Connection 
Capability. 

It is noted that the Network Connection Capability must be able to map the 
incoming setup to the corresponding service in the first through third procedures. 
In the fourth procedure, the service provides the end-system with a (preferably 
non-reusable) certificate that allows it to do the permitted setup. The end-system 
of the fourth procedure includes the certificate in its setup message, so that the 
controller does not have to consult with the service in order to determine whether 
to allow the setup. It is noted that while the certificate is preferably encrypted with 
the permissions as well as a sequence number, this is not a requirement of the 
instant invention. 

The first procedure will now be described with reference to Fig. 4. In the 
first procedure, policy and/or logic is pushed (downloaded) into the Network 
Connection Capability before it requests the end-system to do a UNI setup. In 
accordance with this procedure, the Network Connection Capability maps the 
incoming setup to a corresponding service. This requires encoding a service 
instance unique ID (s_id), using known techniques, in the setup from the calling 
party. 

At step 1 (see Fig. 4), a service request is made to a Service Controller 58. 
The Service Controller 58 then pushes (step 2) policy and/or logic to control the 
Network Connection Capability. Then, in step 3, the Service Control 58 requests 
that the service customer 10 initiate a UNI setup containing the s_id. The UNI 
setup is directed (step 4) from the customer 10 to the SVC Controller 20 (located 
within the Network Connection Capability), and contains the s_id. Since multiple 
customers may initiate multiple SVC's corresponding to a single service, the s_id 
functions to identify the service and the SVC instance for the particular customer. 

In step 5, a proxy UNI is sent to the edge switch 12. As a result, PNNI is 
transmitted across the network (step 6), which results in the forwarding of a proxy 
UNI to the SVC Controller 22 (located within the Network Connection Capability) 
at step 7. Thereafter, step 8 is performed to initiate UNI to the service customer 
18. 

In order for the customer to map the incoming UNI setup to an application, 
either the setup contains an application identifier or one of the SVC Controller 22 
or the Service Control 58 must alert the service customer 18 of the incoming UNI 
and its Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI), which is 
illustrated in Fig. 4 as step 7.5. If the application identifier and service identifier 
are the same, the s_id can be used. However, since this may not be the case, a 
different identifier is preferably used. 

The second procedure will now be described with reference to Fig. 5. In 
the second procedure, the Network Connection Capability pulls in policy and/or 
logic in a manner similar to that described in the first procedure. 

At step 1 (see Fig. 5), a service request is made to the Service Control 58. 
In step 2, the Service Control 58 requests that the service customer 10 initiate a 
UNI setup containing s_id. The UNI setup is directed (step 3) from the customer 
10 to the SVC Controller 20 (located within the Network Connection Capability), 
and contains the s_id. Since multiple customers may initiate multiple SVC's 
corresponding to a single service, the s_id functions to identify the service and the 
SVC instance for the particular customer. Step 4 is then performed, in which the 
Network Connection Capability pulls policy and/or logic from the Service Control 
58, which is completed by the reply provided in step 4.5. 

In step 5, a proxy UNI is sent to the edge switch 12. As a result, PNNI is 
used to do an SVC across the network (step 6), which results in a proxy UNI to the 
SVC Controller 22 (located within the Network Connection Capability) at step 7. 
Thereafter, step 8 is performed to initiate UNI to the service customer 18. As in 
the first procedure, the SVC Controller 22 or the Service Control 58 alerts (step 
7.5) the service customer 18 of the incoming UNI and its VPI/VCI. 

The third procedure will now be described. As this procedure is similar to 
the pull procedure (e.g., second procedure) described above, the following 
discussion will only be directed to the differences. 

In the third procedure, an incoming setup message results in a query to an 
appropriate service control module. Other queries, based on, for example, 
mid-call signaling events, can also be defined. The query procedure includes a query 
and a response. In the case of a setup, the response contains information 
indicating whether the setup should go through, and under what conditions. 

It is noted that in the second and third procedures, the interaction between 
the Network Connection Capability and the Service Control 58 must be timely, in 
order to avoid a time out condition. Further, the s_id is needed in the setup that 
uniquely identifies the service. 

The third procedure differs from the first and second procedures in at least 
one important respect. Specifically, in the query procedure, the service is not 
constrained by the capabilities of the SVC Controller that interprets service policy 
and/or logic. 

The fourth procedure will now be described with reference to Fig. 6. In the 
fourth procedure, multiple services use the same network connection capability 
under UNI Signaling without requiring an interaction between the services and the 
network connection capability. In accordance with this procedure, the Service 
Control 58 provides the service customer 10 with a certificate allowing it to do a 
permitted setup. The certificate specifies permitted setup parameters. The service 
customer 10 includes the certificate in its setup message. In this regard, it is noted 
that the network connection capability does not need to consult with the Service 
Control 58 in order to allow the setup. The certificate uniquely identifies which 
service allowed the setup, so that billing and accounting can be properly performed 
when this procedure is used with third parties. 

While the following discussion indicates that the certificates are encrypted, it 
is noted that the encryption may be omitted without departing from the spirit 
and/or scope of the invention. It is also noted that the certificate may contain the 
permissions and/or a sequence number. According to the disclosed fourth 
procedure, certificates are non-reusable. Further, since events may happen 
asynchronously, the certificates may not necessarily be used in the order that they 
are received. 

Each network service (s) has a private key (E.s) that is used to encrypt 
certificates. For each encryption key, the network connection capability has a 
private decryption key (D.s). As a result, only the network connection capability 
can read a certificate, and only the network service can have originally generated 
the certificate. Further, according to the disclosed procedure, each certificate is 
preferably encrypted with a unique sequence number in order to ensure that a 
previous certificate is not used again. When the Network Connection Capability 
decrypts a certificate, the Network Connection Capability examines the sequence 
number to determine whether the certificate has been seen before. 

Keeping a record of each and every certificate (with their associated 
sequence number) that has been received would require a very large database. In 
order to minimize the size of this database, a preferred feature of the fourth 
procedure is to generate certificates in which subsequently generated certificates 
have increasing sequence numbers. As a result, the network connection capability 
only needs to keep a limited size history (which changes over time) of previously 
seen certificates for each service. In addition, the size of the database that must be 
maintained can be further reduced by date-stamping (and/or time-stamping) the 
certificates in addition to assigning sequence numbers. If the date-stamped (and/or 
time-stamped) certificate exceeds a predetermined delta value (such as, but not 
limited to, for example, 1 day and/or 1 minute), the certificate (and thus connection 
request) is rejected. 
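
The certificate checks described in the two paragraphs above, written out as an added Python example that is not part of the original document. It substitutes an HMAC-SHA256 tag under a per-service key for the encryption the text describes; the key handling, field names, window size and 60-second delta are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

MAX_AGE_SECONDS = 60   # assumed "predetermined delta value" (the text's 1-minute example)
WINDOW_SIZE = 64       # assumed size of the per-service sequence-number history


def issue_certificate(key, service, seq, issued_at, permitted):
    """Service Control side: bind service, sequence number, time-stamp and permissions."""
    body = json.dumps({"service": service, "seq": seq, "ts": issued_at,
                       "permitted": permitted}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


@dataclass
class ReplayWindow:
    """Limited-size history of sequence numbers already seen for one service."""
    highest: int = -1
    seen: set = field(default_factory=set)

    def check_and_record(self, seq):
        if seq <= self.highest - WINDOW_SIZE:
            return False   # older than the retained history: freshness cannot be shown
        if seq in self.seen:
            return False   # this certificate was seen before
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # The history moves forward with the highest number seen so far.
            self.seen = {s for s in self.seen if s > seq - WINDOW_SIZE}
        return True


class NetworkConnectionCapability:
    """Admits a setup from its certificate alone, without consulting the service."""

    def __init__(self, service_keys):
        self.service_keys = service_keys
        self.windows = {name: ReplayWindow() for name in service_keys}

    def admit(self, cert, setup, now):
        # The setup names its service (hypothetical field derived from the s_id).
        key = self.service_keys.get(setup.get("service"))
        if key is None:
            return (False, "unknown service")
        tag, sep, body = cert.partition(b".")
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return (False, "bad authenticator")
        try:
            claims = json.loads(body)
            seq, ts, permitted = int(claims["seq"]), int(claims["ts"]), claims["permitted"]
            classes, max_bw = permitted["service_classes"], permitted["max_bandwidth_kbps"]
        except (ValueError, KeyError, TypeError):
            return (False, "malformed certificate")
        if claims.get("service") != setup["service"]:
            return (False, "certificate issued for another service")
        if abs(now - ts) > MAX_AGE_SECONDS:
            return (False, "stale time-stamp")
        if setup.get("service_class") not in classes or setup.get("bandwidth_kbps", 0) > max_bw:
            return (False, "parameters not permitted")
        # Record the sequence number last, so only an otherwise valid setup consumes it.
        if not self.windows[setup["service"]].check_and_record(seq):
            return (False, "replayed or outside history window")
        return (True, "admitted")


def demo():
    """Constructed inputs: one service, certificates used out of order, then misused."""
    key = b"constructed-demo-key-for-video-service"
    ncc = NetworkConnectionCapability({"video": key})
    permitted = {"service_classes": ["CBR", "rt-VBR"], "max_bandwidth_kbps": 2000}
    setup = {"service": "video", "service_class": "CBR", "bandwidth_kbps": 1500}
    now = 1_000_000
    c5 = issue_certificate(key, "video", 5, now, permitted)
    c3 = issue_certificate(key, "video", 3, now, permitted)
    old = issue_certificate(key, "video", 6, now - 3600, permitted)
    forged = issue_certificate(b"not-the-service-key", "video", 7, now, permitted)
    c8 = issue_certificate(key, "video", 8, now, permitted)
    return [
        ncc.admit(c5, setup, now),                               # first use
        ncc.admit(c3, setup, now),                               # lower number, not yet seen
        ncc.admit(c5, setup, now),                               # same certificate again
        ncc.admit(old, setup, now),                              # issued an hour earlier
        ncc.admit(forged, setup, now),                           # not made by the service
        ncc.admit(c8, dict(setup, bandwidth_kbps=9000), now),    # exceeds permitted bandwidth
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Certificate 3 is admitted after certificate 5 because the window tracks individual numbers instead of only the highest one, which is what lets certificates be used in a different order than they were issued.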

Referring to Fig. 6, a service request is initially made to a Service Control 
58 at step 1. In response, the Service Control 58 requests (step 2) that the service 
customer 10 initiate a certificate and a UNI setup containing s_id. The UNI setup 
(containing the s_id and certificate) is directed (step 3) from the customer 10 to the 
SVC Controller 20 that is located within the Network Connection Capability. 

In step 4, a proxy UNI is sent to the edge switch 12. As a result, PNNI is 
transmitted across the network (step 5), which results in a proxy UNI being sent to 
the SVC Controller 22 (located within the Network Connection Capability) at step 
6. As in the first method, the SVC Controller or the Service Control 58 alerts (step 
6.5) the service customer of the incoming UNI and its VPI/VCI. Thereafter, step 7 
is performed to initiate UNI to the service customer 18. 

The discussion above illustrates certain procedures for achieving the 
network connection. As previously noted, the instant invention is not dependent 
upon the specific implementation described above. Consequently, other 
implementations may be utilized without departing from the spirit and/or scope of 
the invention. 

It is noted that the push (download) procedure (e.g., the first procedure) 
allows third party service providers to be connected by the Internet, whereas the 
other disclosed procedures may not. It is further noted that once policy and/or 
logic is pushed (per the first procedure), it is locally available to a SVC Controller, 
where it can be applied in real-time to setup messages, as opposed to waiting to 
pull it in (per the second procedure) or querying to a service (per the third 
procedure). 

Further, the various procedures described above may be combined. For 
example, the push procedure may be combined with the query procedure. In such 
a combination, a setup can operate to query a service controller which then pushes 
policy and logic; alternatively (or in addition), queries can be placed on variables 
that represent the state of a call. 

The foregoing discussion has been provided merely for the purpose of 
explanation and is in no way to be construed as limiting of the present invention. 
While the present invention has been described with reference to exemplary 
embodiments, it is understood that the words which have been used herein are 
words of description and illustration, rather than words of limitation. Changes 
may be made, within the purview of the appended claims, as presently stated and 
as amended, without departing from the scope and spirit of the present invention in 
its aspects. Although the present invention has been described herein with 
reference to particular means, materials and embodiments, the present invention is 
not intended to be limited to the particulars disclosed herein; rather, the present 
invention extends to all functionally equivalent structures, methods and uses, such 
as are within the scope of the appended claims. 

In accordance with various embodiments of the present invention, the 
methods described herein are intended for operation as software programs running 
on a computer processor. Dedicated hardware implementations including, but not 
limited to, application specific integrated circuits, programmable logic arrays and 
other hardware devices can likewise be constructed to implement the methods 
described herein. Furthermore, alternative software implementations including, but
not limited to, distributed processing or component/object distributed processing, 
parallel processing, or virtual machine processing can also be constructed to 
implement the methods described herein. 

It is also noted that the software implementations of the present invention as 
described herein are optionally stored on a tangible storage medium, such as: a 
magnetic medium such as a disk or tape; a magneto-optical or optical medium such
as a disk; or a solid state medium such as a memory card or other package that
houses one or more read-only (non-volatile) memories, random access memories,
or other re-writeable (volatile) memories. A digital file attachment to e-mail or 
other self-contained information archive or set of archives is considered a 
distribution medium equivalent to a tangible storage medium. Accordingly, the 
invention is considered to include a tangible storage medium or distribution 
medium, as listed herein and including art-recognized equivalents and successor 
media, in which the software implementations herein are stored. 

In addition, although the present specification describes components and 
functions implemented in the embodiments with reference to particular standards 
and protocols, the invention is not limited to such standards and protocols. The 
standards for Internet and other packet-switched network transmission (e.g.,
TCP/IP, UDP/IP, HTML, SHTML, DHTML, XML, PPP, FTP, SMTP, MIME); 
peripheral control (IrDA; RS232C; USB; ISA; ExCA; PCMCIA); and public 
telephone networks (ISDN, ATM, xDSL) represent examples of the state of the 
art. Such standards are periodically superseded by faster or more efficient 
equivalents having essentially the same functions. Replacement standards and 
protocols having the similar functions are considered equivalents. 

We claim:

1. A multiservice switching system, comprising:

a switching device having predetermined functions with respect to a request
for a predetermined service; 

a switch controller having a bearer function and a virtual switch function 
for controlling said switching device; and 

a proxy device containing at least one of service policies and logic related 
to one of enabling and denying said predetermined service, in which multiple 
service requests are correlated with respective services to enable at least one 
appropriate policy and logic. 

2. The multiservice switching system of claim 1, wherein said switching 
device and said switch controller comprise a conventional switch. 

3. The multiservice switching system of claim 2, wherein said conventional 
switch comprises an ATM Switch. 

4. The multiservice switching system of claim 2, wherein said switching 
device and said switch controller comprise a next generation switch. 

5. The multiservice switching system of claim 1, further comprising a 
service controller, said service controller including said switch controller.

6. The multiservice switching system of claim 1, wherein said switching 
device includes said switch controller. 

7. A method for switching plural forms of data, comprising: 
having an initiating customer request a service; 

obtaining predetermined data related to the requested service; 
instructing the initiating customer to initiate a predetermined setup 
identifying the requested service, when the requested service is permitted; 
passing a predetermined signal across a network in response to the 
predetermined setup; and

initiating a second predetermined setup, in response to the passed 
predetermined signal, to one of accept and reject the requested service, the second 
predetermined signal being provided to the initiating customer, in which multiple 
service requests are correlated with respective services to enable at least one 
appropriate policy and logic. 

8. The method of claim 7, wherein obtaining comprises pushing the 
predetermined data. 

9. The method of claim 8, wherein the pushing predetermined data 
comprises pushing at least one of policy and logic representing at least one of 
service capabilities and service permissions. 

10. The method of claim 7, wherein obtaining comprises pulling the 
predetermined data. 

11. The method of claim 7, wherein obtaining comprises querying a service
control module for the predetermined data. 

12. The method of claim 7, further comprising using a certificate to specify 
permitted setup parameters. 

13. The method of claim 12, further comprising encrypting the certificate. 

14. The method of claim 13, further comprising assigning a sequence 
number to the encrypted certificate. 

15. The method of claim 12, wherein the certificate further identifies which 
service allowed the setup. 

16. The method of claim 12, further comprising determining whether the 
certificate is valid. 

17. The method of claim 12, further comprising preventing reuse of the 
certificate. 

18. The method of claim 17, wherein preventing comprises examining a
sequence number assigned to the certificate to determine whether the sequence 
number was seen before. 

19. The method of claim 17, wherein preventing comprises examining at 
least one of a time-stamp and a date-stamp to determine whether the at least one of
the time-stamp and the date-stamp exceeds a predetermined delta value. 

20. A method for switching plural forms of data, comprising: 
initiating a service request by an initiating customer; 
establishing the service request using a predetermined setup; and 
initiating a second predetermined setup to one of accept and reject the
requested service, in which multiple service requests are correlated with respective
services to enable at least one appropriate policy and logic.

21. The method of claim 20, wherein establishing the service request 
comprises using a pushing procedure. 

22. The method of claim 20, wherein establishing the service request 
comprises using a pulling procedure. 

23. The method of claim 20, wherein establishing the service request 
comprises using a query procedure. 

24. The method of claim 20, further comprising a Service Control that 
requests that the initiating customer initiate a user-to-network interface setup.

25. The method of claim 20, wherein the service request is transferred over 
an ATM network, the predetermined setup being redirected from a switching 
device to a service controller. 

26. The method of claim 25, further comprising controlling the switching 
device with a switch controller, the switch controller being integral with the 
switching device. 

27. The method of claim 25, further comprising controlling the switching
device with a switch controller, the switch controller being integral with the
service controller.

28. The method of claim 20, wherein establishing further comprises
including a certificate for establishing the service request using the predetermined
setup.

29. The method of claim 28, wherein the certificate specifies permitted 
setup parameters. 

30. The method of claim 28, further comprising encrypting the certificate.

31. The method of claim 30, further comprising assigning a sequence
number to the encrypted certificate.

32. The method of claim 28, wherein the certificate further identifies which
service allowed the setup.

33. The method of claim 28, further comprising determining whether the
certificate is valid.

34. The method of claim 28, further comprising preventing reuse of the
certificate.

35. The method of claim 34, wherein preventing comprises examining a
sequence number assigned to the certificate to determine whether the sequence
number was previously examined.

36. The method of claim 34, wherein preventing comprises examining at
least one of a time-stamp and a date-stamp to determine whether the at least one of
the time-stamp and the date-stamp exceeds a predetermined delta value.

37. The method of claim 7, wherein the predetermined setup comprises a
UNI setup, the predetermined signal comprises a PNNI protocol, and the second
predetermined setup comprises a second UNI setup.

38. The method of claim 20, wherein the predetermined setup comprises a
user-to-network interface setup. 
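
The certificate checks recited in claims 12-19 and 28-36 (validity, permitted setup parameters, reuse prevention by sequence number and by time-stamp delta), shown as an added Python example that is not part of the original specification. The shared key, the JSON layout, the 30-second delta, the parameter name peak_cell_rate, and the use of an HMAC tag in place of the encryption the claims name are all assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: secret shared by Service Control and SVC Controller
MAX_DELTA = 30                 # assumption: the "predetermined delta value", in seconds


def issue_certificate(service, params, seq, now):
    """Service Control side: bind the allowing service, the permitted setup
    parameters, a sequence number and a time-stamp into one authenticated blob."""
    body = json.dumps({"service": service, "params": params, "seq": seq, "ts": now},
                      sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return body, tag


class SetupValidator:
    """SVC Controller side: validity check plus both reuse checks from the claims."""

    def __init__(self):
        self.seen = {}  # sequence number -> time-stamp of the accepted certificate

    def check(self, body, tag, setup_params, now):
        # Drop sequence numbers too old to pass the delta test anyway, so the
        # time-stamp check is what keeps the replay cache bounded.
        self.seen = {s: ts for s, ts in self.seen.items() if abs(now - ts) <= MAX_DELTA}
        expected = hmac.new(KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "reject: invalid certificate"
        cert = json.loads(body)
        if abs(now - cert["ts"]) > MAX_DELTA:
            return "reject: time-stamp outside delta"
        if cert["seq"] in self.seen:
            return "reject: sequence number seen before"
        # Every parameter in the setup message must match what the certificate permits.
        for name, value in setup_params.items():
            if cert["params"].get(name) != value:
                return "reject: parameter not permitted: " + name
        self.seen[cert["seq"]] = cert["ts"]
        return "accept: " + cert["service"]


if __name__ == "__main__":
    v = SetupValidator()
    body, tag = issue_certificate("video", {"peak_cell_rate": 1000}, 7, 100)  # constructed values
    print(v.check(body, tag, {"peak_cell_rate": 1000}, 105))
    print(v.check(body, tag, {"peak_cell_rate": 1000}, 106))
```

The sequence-number cache only has to remember certificates younger than the delta, because anything older is already rejected by the time-stamp test.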

ABSTRACT

Method and apparatus for a distributed switching system supporting a
plurality of services. A service request is initiated by an initiating customer. The
service request is then executed using, for example, a user-to-network interface
setup. A terminating setup is then performed to either accept or reject the
requested service. Multiple service requests are correlated with respective services
to enable at least one appropriate policy and logic. Data related to the requested
service is obtained using at least one of a push procedure, a pull procedure, a query
procedure, and a procedure in which requests are associated with the issuance of